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DETAILED ACTION 

Information Disclosure Statement 

01 . The information disclosure statement (IDS) filed on 09/01/2005 and on 
01/30/2006 have been considered by the examiner and made of record in the 
application file. 

Drawings 

02. The drawings were received on 03/10/2004. These drawings are 
accepted. 

Claim Rejections - 35 USC § 101 

03. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent 
therefor, subject to the conditions and requirements of this title. 

04. Claims 8-14 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. Claims 8-14 claim a 
"computer-readable storage medium" where the specification specifically 
mentions examples of a "computer-readable storage medium" to include 
computer instruction signals embodied in a transmission medium with or without 
a carrier wave upon which the signals are modulated, which do not fall under 
statutory subject matter. 
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Claim Rejections - 35 USC § 102 

05. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 
1 02 that form the basis for the rejections under this section made in this Office 
Action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in 
a printed publication in this or a foreign country, before the invention thereof by the 
applicant for a patent. 

06. Claims 1 - 3, 5 - 10, 12 - 17, and 19 - 21 are rejected under 35 U.S.C. 
102(a) as being anticipated by ASP Alliance (Introduction to Validating User Input 
in Web Forms, December 29, 2003). 

Consider claim 1 , ASP Alliance clearly shows a method for using 
validation controls (read as query signatures to provide security for a database), 
comprising: 

when the user's input is being processed (for example, when the form is 
submitted) (read as receiving the query at the database) (page 1 lines 20-21), the 
page framework passes the user's entry to the appropriate validation control or 
controls (read as parsing the query to determine a signature for the query, 
wherein the signature specifies a structure based on operations for the query and 
is independent of the value of literals in the query) (page 1 lines 21-22). The 
validation controls test the user's input and set a property to indicate whether the 
entry passed the test (read as determining if the signature is located in a 
signature cache, which contains signature for valid queries) (page 1 lines 22-23). 
And would test the state of the validation controls before updating a data record 
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with information entered by the user. If you detect an invalid state, you bypass 
the update (read as if so, processing the query) (page 1 lines 27-29). 

Consider claim 2, and as applied to claim 1 above, ASP Alliance clearly 
shows a method such that if any validation checks fail (read as if the signature is 
not in the signature cache) (page 1 line 29), you skip all your own processing 
(read as the method further comprises triggering a mismatch alert) (page 1 lines 
29-30). 

Consider claim 3, and as applied to claim 2 above, ASP Alliance clearly 
shows a method such that validation controls that detected errors then produce 
an error message that appears on the page (read as the mismatch alert throws 
an error) (page 1 lines 30-31). 

Consider claim 5, and as applied to claim 2 above, ASP Alliance clearly 
shows a method such that if any validation checks fail, you skip all your own 
processing and the page is returned to the user (read as the mismatch alert is 
sent to a requesting applications, thereby allowing the requesting application to 
take action) (page 1 lines 29-30). 

Consider claim 6, and as applied to claim 1 above, ASP Alliance clearly 
shows a method such that when the user submits a form to the server, the 
validation controls are invoked to review the user's input, control by control (read 
as the signature cache is initialized by recording signatures of valid transactions 
during a system initialization operation) (page 2 lines 36-37) . 

Consider claim 7, and as applied to claim 1 above, ASP Alliance clearly 
shows a method such that if any validation checks fail (read as the signatures 
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generates a mismatch alert) (page 1 line 19) you enable validation of user input 
by adding validation controls to your form as you would other server controls 
(read as if the query is a valid query, the method further comprises allowing a 
database administrator to add the signature to the signature cache) (page 1 line 
16-17). 

Consider claim 8, ASP Alliance clearly shows a computer-readable 
storage medium storing instructions that when executed by a computer cause the 
computer to perform a method for using validation controls (read as query 
signatures to provide security for a database), comprising: 

when the user's input is being processed (for example, when the form is 
submitted) (read as receiving the query at the database) (page 1 lines 20-21), the 
page framework passes the user's entry to the appropriate validation control or 
controls (read as parsing the query to determine a signature for the query, 
wherein the signature specifies a structure based on operations for the query and 
is independent of the value of literals in the query) (page 1 lines 21-22). The 
validation controls test the user's input and set a property to indicate whether the 
entry passed the test (read as determining if the signature is located in a 
signature cache, which contains signature for valid queries) (page 1 lines 22-23). 
And would test the state of the validation controls before updating a data record 
with information entered by the user. If you detect an invalid state, you bypass 
the update (read as if so, processing the query) (page 1 lines 27-29). 

Consider claim 9, and as applied to claim 8 above, ASP Alliance clearly 
shows a computer-readable storage medium such that if any validation checks 
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fail (read as if the signature is not in the signature cache) (page 1 line 29), you 
skip all your own processing (read as the method further comprises triggering a 
mismatch alert) (page 1 lines 29-30). 

Consider claim 10, and as applied to claim 9 above, ASP Alliance 
clearly shows a computer-readable storage medium such that validation controls 
that detected errors then produce an error message that appears on the page 
(read as the mismatch alert throws an error) (page 1 lines 30-31 ). 

Consider claim 12, and as applied to claim 9 above, ASP Alliance 
clearly shows a computer-readable storage medium such that if any validation 
checks fail, you skip all your own processing and the page is returned to the user 
(read as the mismatch alert is sent to a requesting applications, thereby allowing 
the requesting application to take action) (page 1 lines 29-30). 

Consider claim 13, and as applied to claim 8 above, ASP Alliance 
clearly shows a computer-readable storage medium such that when the user 
submits a form to the server, the validation controls are invoked to review the 
user's input, control by control (read as the signature cache is initialized by 
recording signatures of valid transactions during a system initialization operation) 
(page 2 lines 36-37). 

Consider claim 14, and as applied to claim 8 above, ASP Alliance 
clearly shows a computer-readable storage medium such that if any validation 
checks fail (read as the signatures generates a mismatch alert) (page 1 line 29) 
you enable validation of user input by adding validation controls to your form as 
you would other server controls (read as if the query is a valid query, the method 
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further comprises allowing a database administrator to add the signature to the 
signature cache) (page 1 lines 16-17). 

Consider claim 15, ASP Alliance clearly shows an apparatus for using 
validation controls (read as query signatures to provide security for a database), 
comprising: 

when the user's input is being processed (for example, when the form is 
submitted) (read as receiving the query at the database) (page 1 lines 20-21), the 
page framework passes the user's entry to the appropriate validation control or 
controls (read as parsing the query to determine a signature for the query, 
wherein the signature specifies a structure based on operations for the query and 
is independent of the value of literals in the query) (page 1 lines 21-22). The 
validation controls test the user's input and set a property to indicate whether the 
entry passed the test (read as determining if the signature is located in a 
signature cache, which contains signature for valid queries) (page 1 lines 22-23). 
And would test the state of the validation controls before updating a data record 
with information entered by the user. If you detect an invalid state, you bypass 
the update (read as if so, processing the query) (page 1 lines 27-29). 

Consider claim 16, and as applied to claim 15 above, ASP Alliance 
clearly shows an apparatus such that if any validation checks fail (read as if the 
signature is not in the signature cache) (page 1 line 29), you skip all your own 
processing (read as the method further comprises triggering a mismatch alert) 
(page 1 lines 29-30). 
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Consider claim 17, and as applied to claim 16 above, ASP Alliance 
clearly shows an apparatus such that validation controls that detected errors then 
produce an error message that appears on the page (read as the mismatch alert 
throws an error) (page 1 lines 30-31). 

Consider claim 19, and as applied to claim 16 above, ASP Alliance 
clearly shows an apparatus such that if any validation checks fail, you skip all 
your own processing and the page is returned to the user (read as the mismatch 
alert is sent to a requesting applications, thereby allowing the requesting 
application to take action) (page 1 lines 29-30). 

Consider claim 20, and as applied to claim 15 above, ASP Alliance 
clearly shows an apparatus such that when the user submits a form to the server, 
the validation controls are invoked to review the user's input, control by control 
(read as the signature cache is initialized by recording signatures of valid 
transactions during a system initialization operation) (page 2 lines 36-37) . 

Consider claim 21, and as applied to claim 15 above, ASP Alliance 
clearly shows an apparatus such that if any validation checks fail (read as the 
signatures generates a mismatch alert) you enable validation of user input by 
adding validation controls to your form as you would other server controls (read 
as if the query is a valid query, the method further comprises allowing a database 
administrator to add the signature to the signature cache) (page 1, lines 29, 16- 
17). 
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Claim Rejections - 35 USC § 103 

07. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

08. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1 , 
148 USPQ 459 (1966), that are applied for establishing a background for 
determining obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness 
or nonobviousness. 

09. Claims 4, 11, and 18 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over ASP Alliance (Introduction to Validating User Input in Web 
Forms, December 29, 2003) in view of The PHP Group (Error Handling and 
Logging Functions, November 27, 2003). 

Consider claim 4, and as applied to claim 1 above, ASP Alliance clearly 
show the claimed invention except for that a mismatch alert is sent to a database 
administrator. 

The PHP Group clearly shows an example of using the error handling 
capabilities to define an error handling function, which logs the information into a 
file and e-mails the developer in case a critical error in logic happens (read as the 
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mismatch alert is sent to a database administrator and the query is processed) 
(page 7 lines 5-6). 

Therefore it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to combine the error handling capability taught 
by The PHP Group into the method of using query signatures taught by ASP 
Alliance for the purpose of allowing an administrator to monitor errors being 
entered into the database. 

Consider claim 1 1 , and as applied to claim 8 above, ASP Alliance 
clearly show the claimed invention except for that a mismatch alert is sent to a 
database administrator. 

The PHP Group clearly shows an example of using the error handling 
capabilities to define an error handling function, which logs the information into a 
file and e-mails the developer in case a critical error in logic happens (read as the 
mismatch alert is sent to a database administrator and the query is processed) 
(page 7 lines 5-6). 

Therefore it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to combine the error handling capability taught 
by The PHP Group into the use of query signatures taught by ASP Alliance for 
the purpose of allowing an administrator to monitor errors being entered into the 
database. 

Consider claim 18, and as applied to claim 15 above, ASP Alliance 
clearly show the claimed invention except for that a mismatch alert is sent to a 
database administrator. 
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The PHP Group clearly shows an example of using the error handling 
capabilities to define an error handling function, which logs the information into a 
file and e-mails the developer in case a critical error in logic happens (read as the 
mismatch alert is sent to a database administrator and the query is processed) 
(page 7 lines 5-6). 

Therefore it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to combine the error handling capability taught 
by The PHP Group into the use of query signatures taught by ASP Alliance for 
the purpose of allowing an administrator to monitor errors being entered into the 
database. 

Conclusion 

10. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a) Strong, Robert W; U.S. Patent # 6,167,523 

b) Chidlovskii, Boris; U.S. Patent # 6,347,314 

1 1 . Any response to this Office Action should be faxed to (571 ) 273-8300 or 
mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Hand-delivered responses should be brought to 
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Customer Service Window 
Randolph Building 
401 Dulany Street 
Alexandria, VA 22314 
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12. Any inquiry concerning this communication or earlier communications from 
the Examiner should be directed to Christopher Raab whose telephone number 
is (571) 270-1090. The Examiner can normally be reached on Monday-Thursday 
from 7:30am to 5:00pm. 

If attempts to reach the Examiner by telephone are unsuccessful, the 
Examiner's supervisor, Rafael Perez-Gutierrez can be reached on (571) 272- 
7915. The fax phone number for the organization where this application or 
proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through Private 
PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free) 
or 703-305-3028. 

Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the receptionist/customer service whose 
telephone number is (571) 272-2600. 
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Christopher Raab 
C.RVcr 

June 14, 2006 




